So, let’s say you receive an email from a notable package carrier like FedEx. The company is notifying you that someone sent you a package. In the body of the message you see a document preview showing a list of items. There is an ID number and other official looking information. There is also a link that directs you to visit the FedEx website to view the document.
Once there, a link is provided to view the document. Clicking the link takes you to a Microsoft login portal. You try to log in with your credentials but for some reason, it doesn’t work. I hope that this process doesn’t sound familiar to you. This is exactly what happened to 10,000 Microsoft email users recently. Each person who entered their login credentials unknowingly relinquished them to hackers. Let’s look at how to recognize these phishing email attacks, step by step.
Know Your Sender
The first step is to add frequent email correspondents to your address book or contacts. FedEx, UPS, Google, and Microsoft are some of the most popular services. They typically send confirmation emails and newsletters regularly. If you get an email from FedEx but it’s not from your saved contacts, you might want to be cautious. If you don’t want to bother adding contacts, no worries. You can still catch it. Just make sure that the sending address is actually who it says it is.
Am Definitely American
Broken English is another dead giveaway. Any professional, legitimate company will send emails free of typos and of grammar and spelling mistakes. Keep an eye out for poor grammar and missing words. These days, email filters are smart and will send most of these types of emails to your spam folder. But hackers do find ways around these roadblocks. More often than not, they are just speedbumps.
To Click or Not to Click
The next step is the link. If they are claiming it’s FedEx, make sure the link text has fedex.com in its address. This particular large-scale phishing attack sent email recipients a link that led to a seemingly normal website, in this case FedEx. It contained the FedEx logo with other familiar features that were all fabrication. Hackers use these familiarization tactics to deter you from looking at the address bar in your browser.
If it is indeed a FedEx website, then fedex.com will be in the address bar. The fake websites in this attack were hosted for free by Quip or Google Firebase. These free services are very easy to use and hackers take advantage of them. Not only is it easy, but emails sent using these services are often not detected by security filters because, well, it’s a Google service.
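The link check described above can be automated for an HTML email body. The following is an added example, not code from the original article: it compares each link's real hostname (not its visible text) against the claimed sender's domain and flags free hosting. The suffixes in `FREE_HOSTING`, the names `belongs_to`, `LinkCollector` and `audit_links`, and the sample email are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hostname suffixes for the free hosts the article names
# (Firebase Hosting, Quip). Adjust the list for your own mail flow.
FREE_HOSTING = ("web.app", "firebaseapp.com", "quip.com")

def belongs_to(host, domain):
    """True only if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html, claimed_domain):
    """Return {href: [reasons]} for links that do not point at claimed_domain."""
    collector = LinkCollector()
    collector.feed(html)
    findings = {}
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower().rstrip(".")
        if belongs_to(host, claimed_domain):
            continue  # really points at the claimed sender's site
        reasons = ["off-domain host: " + host]
        if claimed_domain in (href + " " + text).lower():
            reasons.append("brand shown in text or URL, but host differs")
        if any(belongs_to(host, s) for s in FREE_HOSTING):
            reasons.append("free hosting service")
        findings[href] = reasons
    return findings

# Constructed sample email body; the two non-fedex.com hostnames are made up.
SAMPLE = """
<a href="https://www.fedex.com/track">Track on fedex.com</a>
<a href="https://fedex.com.parcel-view.example/doc">www.fedex.com/document</a>
<a href="https://parcel-docs-demo.web.app/view">View document</a>
"""
```

The second sample link shows why a plain "contains fedex.com" test is not enough: the string is present in both the text and the URL, yet the hostname belongs to a different domain.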
That’s How They Get Ya
The last step is the clincher. The moment you actually get hacked is when you put in your login information. This phishing scam used an additional link on the counterfeit FedEx website.
Following this link will take you directly to the hacker’s web server. In the example of the Microsoft hack, it was an aesthetic clone of Microsoft’s website. But believe you me, the similarities are only skin deep. There are quite a few red flags here. I cannot stress enough: check the address bar. Does it say Microsoft.com, Fedex.com, etc.? If not, the choice is simple: abort mission.
Also, if you have come this far, that means you have already opened an email, clicked a link, and then clicked another link. Now it’s time to log in. That’s too many things to have to do just to read a simple document. Companies generally make it easy for their customers to get where they’re going, so if the process is too convoluted, question that.
Question The Situation if Something Seems Odd
Another red flag is the login autocomplete, or lack thereof. Modern web browsers and apps extensively use the autocomplete feature or biometric logins. So, if your usual logins don’t pop up, that’s probably because you are on a different page than the one you have a login saved for. Red flag. Another thing to think about is the fact that for most things, your user account stays logged in. So, any time you all of a sudden have to log in again, question that.
These phishing attacks are really easy to implement, but they are just as easy to avoid. Just be aware of what you’re opening and where it’s from. And if you do find yourself in this type of situation and something seems phishy, then it probably is.